SANDRA KLINKENBERG
Architect of Resilience & Structure • Creating stability in unstable times — Advisory services on organisation security, resilience and STRUCTURAL DEVELOPMENT

 interesting facts 
• nice to know • BLACKOUT •




EnergyTransition 

"The Journey to the Sun Fire"  😘🌞🤗🌞🤩🌞 🔋🌡️He 😊 
• a way to future security of supply? 

FusionEnergy  IAEA  Textbook on Fusion Physics

News . Update . Information . EU 2023 Nov.23th • Foresight study on the worldwide developments in advancing fusion energy, including the small scale private initiatives

The Fusion Revolution and why we need it ... 
... and it is brilliant that private companies are taking up the challenge. 
ROBERT ZUBRIN: ".... The fundamental question is: are resources finite or infinite?  If they are finite, then every person is an enemy of every other person, every nation ist the enemy of every other nation, every newborn child is a threat, and the key role of government must be to suppress the number of people, activities an freedoms.
But if resources are truly the unlimited product of human creative activity, then every person is potentially a friend to every other person, every nation can ultimately be a friend to every other nation, every newborn child is a blessing, and the key role of government must be to protect human freedom at all costs.
That is why we need fusion energy, and it is wonderful that the free market is taking up the challenge."
you have any questions?  just send me your message


• Energy Transistion • Security of supply • European electricity interconnection network • Infrastructure • Security • Civil protection • Disaster management • Self-help • BLACKOUT


only some Information in German language

DialogreiheWir schafft Wunder – Fortschritt sozial und ökologisch gestalten“  Eine virtuelle Veranstaltung mit Bundesumweltministerin Svenja Schulze am 20. Mai 2021 von 16:00 bis 17:30 Uhr   Fragen an: Wir-schafft-Wunder@bmu-events.de

Liveübertragung am 25. März ab 16 Uhr: Kontroversen der Transformation - Energieversorgung sicherstellen - wie und woher?   Livestreams des Bundesumweltministeriums, BMU 

nach der Bundestagswahl Ende 2021
- BMU ist nun BMUV unter Steffi Lemke - 

neuer Minister - bekanntes Ziel - aktuelle Situation - Planung & Maßnahmen  --  2022 - 2025

neue Bundesregierung ab Mai 2025 -- gleiche Aufgabe -- 

! MERKE und bedenke stets:
Energieträger können fossil, nuklear, regenerativ etc. sein UND werden jeweils zur STROM- & WÄRME-Erzeugung benötigt! 

Deutschland DE befindet sich im europäischesStromVerbundnetzeine rein nationale Betrachtung ist viel zu gering ... ... ...

Energiewende, Versorgungssicherheit, Infrastruktur, Sicherheit ... 

ein Projekt-Beispiel aus 2011!! » Ansätze und Ideen - machbare Ideen - gab es bereits vor vielen Jahren eine ganze Menge gute inkl. echter Innovationen & innovativer Entwicklungen nebst Patenten & Markenschutz etc. ... ...  » weitere Grundlagen und Einblicke zB. in "Warum ich Strukturentwicklerin bin!" auf Information

wie auch auf der Seite COMPLIANCE 

KRITIS 

 Inkrafttreten am 01.06.2023
- Anforderungen nach § 8a Absatz 5 BSIG - Grundsätzliche Anforderungen im Nachweisverfahren (GAiN)


Nehmen Sie einfach Kontakt auf • Nachricht . Message


Bild von  aus Unsplash


Meine vorab eingereichten Fragen an das BMU zum 25.03.2021: 
1. Wie sieht das Gesamtkonzept inkl. Schnittstellen zu anderen Bereichen und Themenfeldern aus, um eine ausgewogene Energiewende auch wirtschafts- und sozialverträglich zu generieren?
2. Wie stellen Sie eine Versorgungssicherheit inkl. Netz-Schwankungs-Ereignissen mit dem Potential eines #Blackout sicher bei stetiger Reduzierung der grundlastfähigen Regelenergie?
a. Wie erreichen Sie eine skalierbar stabile und tragfähige Situation zur Notwendigkeit der Verstetigung von Energie aus Regenerativen?
i. Wie und wodurch wird das erreicht und bis wann?
3. Wie sehen die derzeitigen Überlegungen, Aktivitäten und Vorbereitungen zu einem möglichen #Blackout aus?
a. warum Blackout Vorsorge soooo wichtig ist und endlich begonnen werden sollte!  

ÖJC-Podcast Folge 181: https://youtu.be/8VfZ7UjtfbM - Nach dem Lockdown ein Blackout mit Herbert Saurugg 
aktuelle Situation - Saurugg.net
aktuelle Daten https://www.netzfrequenz.info/aktuelle-netzfrequenz-full

Bericht Bundesrechnungshof „Umsetzung der Energiewende im Hinblick auf die Versorgungssicherheit“ vom 30.03.2021  

Bundesnetzagentur Ausgabejahr 2025, Erscheinungsdatum 03.09.2025 Ver­öf­fent­li­chung des Ver­sor­gungs­si­cher­heits­mo­ni­to­rings

Bundesministerium für Wirtschaft und Industrie 03.09.2025 - Publikation - Energiedaten und -szenarien
Versorgungssicherheit Strom Bericht 2025

Bericht zu Stand und Entwicklung der Versorgungssicherheit im Bereich der Versorgung mit Elektrizität; Stand: September 2025


deutsches Bundesamt für Bevölkerungsschutz und KatastrophenhilfeRatgeber für Notfallvorsorge und richtiges Handeln in Notsituationen - für Bürger und seit Okt. 2025 neu Ratgeber: Vorsorgen für Krisen und Katastrophen

aus der Feder von H. Saurugg » Europa auf dem Weg in die Katastrophe - 20.04.2022 

stets Aktuelles zum Thema bei blackout-news.de.

Notfall-Rucksack » ein paar Tipps & Hilfreiches 

» Leitfäden zur Selbsthilfe - Saurugg.net
für Bürger individuelle Vorsorge, Familien, KITAs, Schulen, Städte und Kommunen, Bürgermeister*innen, Gesundheitswesen, Senioren- & Pflege-Einrichtungen, Blaulicht-Organisationen - Feuerwehr, ... Unternehmen in Deutsch und englisch/English, ... 

Sie wollen mehr Wissen oder gleich loslegen?
vereinbaren Sie einfach Ihren Termin via Message 

Management Systeme, Notfall- und Krisen Management sowie BLACKOUT Prävention, Vorsorge, Vorbereitung 

• mehr dazu im Service


Emergency and Crisis Management

Emergency and crisis management (part of Business Continuity Management/BCMS) is a systematic approach to identifying critical processes, preparing emergency and recovery plans, and organising emergency and crisis management teams, so that an organisation remains able to act swiftly in the event of disruptions in the form of an emergency and/or crisis, minimises damage and ensures the continuation of operations and business — in short: what is a management system for exceptional situations, what is its purpose (protecting people, assets and reputation; rapid recovery) and why is it necessary (resilience to disruptions, regulatory requirements and competitiveness). Sandra Klinkenberg

Emergency and Crisis Management 
• Business Continuity (BCM/BCMS)
• Operational capability and business continuity

Definitions, explanations, information, corrections and clarifications regarding terms used in both a business and technical context, as well as in everyday life – FAQs

Emergency and Crisis Management • Business Continuity, BCMS


Business Continuity Management (BCM):  

Definition, content and benefits

Business Continuity – or, as it is known in German, Kontinuitätsmanagement, or more accurately Geschäftsfortführungsmanagement – is a comprehensive management system. It enables organisations to be prepared for events – whether they take the form of an emergency or a crisis – and to respond in as well-rehearsed and professional a manner as possible, with the aim of returning to normal business operations as quickly as possible with minimal damage, whilst also identifying, minimising and capitalising on risks, opportunities and potential at an early stage throughout the year, even during "peacetime".

Definition: Business Continuity – What is Business Continuity?

A Business Continuity Management System (BCMS) enables organisations, amongst other things, to identify risks at an early stage and develop appropriate measures to manage the situation(s) as quickly as possible, minimising damage should an incident occur.
A Business Continuity Management System (BCMS) comprises, on the one hand, preventative measures throughout the year – involving the creation and development of all the policies and measures necessary to manage acute situations, as well as the integration, maintenance and development of the management system itself – and, on the other hand, the management of acute situations through its specific organisational structure, which acts as a support process within the organisation / company / group / legal entity / fiscal group in the event of an acute situation.

Possible scenarios for a business continuity crisis  
Business Continuity focuses on exceptional situations such as emergencies and/or crises. It comprises, amongst other things, year-round prevention in the form of preparations to ensure the swiftest possible resumption or restoration of business operations – critical business processes – with the least possible damage, first into contingency mode and ultimately back to normal operations within an organisation or group of organisations. An emergency and/or crisis is therefore neither a disruption (an ‘incident’) within the organisation, nor a serious disruption – these are handled by Incident Management – nor is it a disaster, which refers to areas and sectors of adjacent entities both within and outside the organisation or group of organisations.

Within organisations, there are no disasters, only emergencies and/or crises. By definition, disasters are major incidents of damage that are not limited in terms of space or time; for example, in the context of natural disasters resulting from floods or earthquakes, and are treated within the organisation or group of organisations as emergencies and/or crises; see Definitions – Table 1 – Definitions – Disruption, Emergency, Crisis, Disaster

Any threat or risk that affects an organisation or a group of organisations may escalate from an incident or disruption to an emergency and/or crisis, or may even trigger an emergency and/or crisis straight away; for definitions of these terms, see Table 1: Definitions – Disruption, Emergency, Crisis, Disaster - in German language
Business Continuity Management (BCM) – prevention – and its emergency and crisis management – response – are organised within a specialist management system (BCMS), usually in accordance with the international standard ISO 22301, Societal security – Business Continuity Management Systems – Requirements, and, in addition to close links with other areas such as company-wide risk management or information security management (ISMS), etc., a direct and immediate link to the organisation’s ICT and infrastructure, encompassing all key, critical and sensitive elements and components. Tools such as standards are also available for this purpose, for example ISO/IEC 27031, Information technology – Security techniques – Guidelines for information and communication technology readiness for business continuity (IRBC, also known as ITSCM or IT Service Continuity Management), German: Information technology – Security techniques – Guidelines for the readiness of information and communication technology for business continuity (IRBC or also referred to as ITSCM, IT – or rather ICT – Service Continuity Management).

Key tools and resources in business continuity management and its emergency and crisis management – that is, a BCMS (Business Continuity Management System) – include, amongst others. 

  • Business Continuity Plans (BCPs) for each organisational unit, department, etc.
  • Restart and Recovery Plans (RSPs and RHPs) for each zone, group, component, application, etc. 
  • Emergency and Crisis Plans for each zone, group, building, site, legal entity, etc.

These resources and working materials are developed, tested, reviewed and, above all, constantly updated during so-called "peacetime" – as part of preventative measures – developed, tested, reviewed and, above all, constantly updated, so that in the event of an incident – during the response phase – they can be deployed in a state that is up to date, tested and well-rehearsed, with the aim of transitioning to emergency operations as quickly as possible whilst minimising damage, and subsequently returning from there to the normal operations of the organisation or group of organisations.

Threat scenarios

Natural disasters

Fire – Water – Wind – Natural disasters – Explosions – Terrorist attacks – Loss of buildings – Power cuts – Major incidents in the surrounding area – Radiation (electromagnetic, compromising, etc.)  …

People / Staff

Lockout – Kidnapping – Staff shortages – Service disruptions – Agent failures – Identity theft – Social engineering –  …

IT / ICT / Infrastructure – ICT, Information and Communication Technology 

Theft, data loss – sabotage – espionage – cyber attacks such as malware, phishing, etc. – tampering – unauthorised access – failure to function – destruction / vandalism – breakdown – malfunction – unauthorised use – incorrect use – misuse –  ... 

Business operations

Disclosure of sensitive information – attacks, assaults, incidents – lack of resources – breaches of laws and regulations – coercion, blackmail, corruption – restrictions on or disruption to goods and services – IT – or rather ICT – or infrastructure restrictions or failures …


The BSI (Federal Office for Information Security) regularly provides up-to-date resources, such as a catalogue of threats (see below), currently dated 7 December 2020 – available on the BSI’s website  

List of threats – Natural hazards / risks
Table of Contents – as at 7 December 2020
G 0.1 Fire - G 0.2 Adverse weather conditions - G 0.3 Water - G 0.4 Contamination, dust, corrosion - G 0.5 Natural disasters - G 0.6 Disasters in the surrounding area - G 0.7 Major incidents in the surrounding area - G 0.8 Failure or disruption of the electricity supply - G 0.9 Failure or disruption of communication networks - G 0.10 Failure or disruption of utility networks - G 0.11 Failure or disruption of service providers - G 0.12 Electromagnetic interference - G 0.13 Interception of compromising radiation - G 0.14 Espionage (espionage) - G 0.15 Eavesdropping - G 0.16 Theft of equipment, data storage media or documents - G 0.17 Loss of equipment, data storage media or documents - G 0.18 Poor planning or failure to adapt - G 0.19 Disclosure of sensitive information - G 0.20 Information or products from an unreliable source - G 0.21 Tampering with hardware or software - G 0.22 Manipulation of information - G 0.23 Unauthorised intrusion into IT systems - G 0.24 Destruction of equipment or data storage media - G 0.25 Failure of equipment or systems - G 0.26 Malfunction of equipment or systems - G 0.27 Lack of resources - G 0.28 Software vulnerabilities or errors - G 0.29 Breach of laws or regulations - G 0.30 Unauthorised use or administration of equipment and systems - G 0.31 Incorrect use or administration of equipment and systems - G 0.32 Misuse of authorisations
- G 0.33 Staff shortages - G 0.34 Attack - G 0.35 Coercion, blackmail or corruption - G 0.36 Identity theft - G 0.37 Denial of actions - G 0.38 Misuse of personal data - G 0.39 Malware - G 0.40 Denial of service (Denial of Service) - G 0.41 Sabotage - G 0.42 Social engineering - G 0.43 Planting of messages - G 0.44 Unauthorised entry onto premises - G 0.45 Data loss - G 0.46 Loss of integrity of sensitive information - G 0.47 Adverse side effects of IT-based attacks

Business Continuity Management 

Technical Analysis

Technical considerations can and should be wide-ranging – technical considerations may, for example, include

  • technology in IT/ICT (Information and Communication Technology), as well as, for example, production engineering and/or building services engineering, etc.
  • systems and methodologies designated as ‘technical’ within a management and organisational system
  • procedures designated as ‘technical’ – strategic, tactical, operational – within an organisation, company,  group of companies or institution and their organisation, committees, groups and departments, as well as teams
refer to, concern or address.

I, SANDRA KLINKENBERG • Management advisor, self-employed independent economic, corporate, management advisor • www.Sandra-Klinkenberg.de, would like to focus here on ICT, which stands for Information and Communication Technology. ICT (Information and Communication Technology) has, based on its own standard (e.g. an ISO standard), an international ISO standard and thus a guideline —; for example, ISO/IEC 27031, ‘Information technology — Security techniques — Guidelines for information and communication technology readiness for business continuity’, or, to put it simply, the ‘Guideline for Readiness for Business Continuity, IRBC’. This guideline, ISO/IEC 27031 IRBC, is closely and inextricably linked, alongside others, to the BCMS (Business Continuity Management System) and its international standard, ISO 22301 – societal security ...

Disaster scenarios
Within organisations, there are no disasters, only emergencies and/or crises. By definition, a disaster is a major incident causing widespread damage that is not limited in terms of location or time; for example, in the context of natural disasters resulting from floods or earthquakes, and is treated within the organisation as an emergency and/or crisis; see the definitions – Table 1 – Definitions – Disruption, Emergency, Crisis, Disaster – in the chapter – Possible Scenarios for a Business Continuity Crisis – PLEASE refer to Table 1: Definitions
ALWAYS BEAR IN MIND – staged emergency situations and training-induced threats, incidents and events are tests and exercises conducted ‘in peacetime’ and can therefore only provide an approximation of real-life events and the physical and psychological stresses, technical and organisational challenges, etc., etc., that these entail. Genuine, real-life exceptional situations always look different in their individual details, and one thing is certain – an incident rarely, if ever, occurs on its own; that’s Murphy’s Law.

Social security

As with the technical perspective, societal security must also be considered from different angles, and it must be determined from which specialist perspective it should be focused on.
In the context of business continuity, societal security refers to the requirements for a Business Continuity Management System (BCMS) to maintain security and resilience; these are based on the international standard ISO 22301. This standard was developed by Technical Committee ISO/TC 292 ‘Security and resilience’ in collaboration with Technical Committee CEN/TC 391 ‘Protection and safety of citizens’; in Europe, the European standard is used, which is available in three languages – German, English and French – and has national status.

ISO, the International Organisation for Standardisation, is a global association of national standards organisations and works closely with the International Electrotechnical Commission (IEC) on all matters relating to electrical engineering.

Business Continuity (BC) in the Event of a Crisis
Business continuity management focuses on exceptional situations such as emergencies and/or crises. It comprises, amongst other things, year-round prevention in the form of preparations to ensure the swiftest possible resumption or restoration of business operations – critical business processes – with the least possible damage, first into contingency mode and ultimately back to normal operations within an organisation or group of organisations. An emergency and/or crisis is therefore not a disruption within the organisation, nor is it a serious disruption, nor is it a disaster; rather, these are areas and sectors of adjacent entities both within and outside the organisation or group of organisations.
Business Continuity Management (BCM) – prevention – and its emergency and crisis management – response – are organised within a dedicated management system (BCMS), usually in accordance with the international standard ISO 22301, Societal security – Business Continuity Management Systems – Requirements, and, in addition to close links with other areas of the organisation, requires a direct and immediate link to ICT and infrastructure, encompassing all key, critical and sensitive elements and components. Tools such as standards are also available for this purpose, for example ISO/IEC 27031, Information technology – Security techniques – Guidelines for information and communication technology readiness for business continuity (IRBC, also known as ITSCM, IT Service Continuity Management), German: Information technology – Security techniques – Guidelines for the readiness of information and communication technology for business continuity (IRBC or also referred to as ITSCM, IT – or rather ICT – Service Continuity Management).

Integrating security into the business continuity plan

Security refers to establishing, achieving and maintaining a state of uninterrupted operation – both organisationally and technically. Within a Business Continuity Management System (BCMS), it means enabling business continuity and operational capability; this is precisely why such a management system is established and integrated. Security is therefore an outcome that is supported by a Business Continuity Management System (BCMS).

A Business Continuity Plan (BCP) is drawn up for each critical business process (and beyond), and a criticality assessment is carried out for every aspect and part of the process, as well as for the required components, infrastructure, personnel, etc. – in short, everything needed to operate and execute that process or the relevant part of it.  A Business Continuity Plan (BCP) should include all the necessary elements to ensure operational capability – both organisational and technical – AND should be supplemented by so-called workarounds. A workaround is a so-called emergency and/or temporary solution that is used when parts, components, etc., necessary for the process are not available.
PLEASE NOTE! The workarounds defined and described in the BCP (GFP) are only to be used if an authorised body has declared an emergency and/or crisis for the affected area!
In the BCMS – Business Continuity Management System (German: Geschäftsfortführungsmanagement):
A Business Continuity Plan (BCP), German: Geschäftsfortführungsplan (GFP), defines requirements in terms of measurable values, such as

  • RTO = engl. Recovery Time Objective 
  • RPO = engl. Recovery Point Objective 
  • MBCO = engl. Minimum Business Continuity Objective 
  • MTPD = engl. Maximum Tolerable Period of Disruption 

and is assessed once a year, during the course of the year, by means of a BIA (Business Impact Analysis). These requirements from the business side are then weighed against the realities of what is possible and feasible* from an organisational and technical perspective, and a matching process is carried out.  *For this purpose, the so-called restart and recovery plans (WAPs/WHPs) are drawn up. The discrepancy – the values that do not match – forms the starting point for action within the organisation to address these issues; it encompasses risks, opportunities and potential. These must be identified and utilised in order to maintain the best possible prospects for operational and business continuity, as well as to improve day-to-day business operations.

Trained staff as the key to resilience 

Training, practice, testing and exercises are key components of, amongst other things, a Business Continuity Management System (BCMS), in order to provide the relevant parties and those affected with the subject-specific procedures – which have been jointly planned, defined, established, organised and documented specifically for each unit – to train them in these procedures, and thus to enable a certain degree of guided yet self-reliant ‘intuitive correct course of action’ in the event of an incident, including threatening situations, of the nature of an emergency and/or crisis.
The resources of the organisation-specific Business Continuity Management System (BCMS), which are developed, updated, corrected, adapted, reviewed and approved throughout the year, (German: Geschäftsfortführungsmanagementsystem), can therefore also be regarded as a small lifeline, a set of guidelines and a safety net within the organisation in times of need, in the event of an unforeseen incident, an exceptional situation, an incident of the nature of an emergency and/or a crisis.
Staff who have received training and practice find it easier to cope and are better prepared for, and more ‘mentally equipped’ to deal with, exceptional situations such as emergencies and/or crises. Having practised dealing with such situations makes them easier to cope with when they actually occur, and practising the ‘correct course of action’ minimises damage and secondary incidents.

How Business Continuity Planning Works
Gather and compile the basic data, information and requirements, such as

  • Business processes – end-to-end process mapping – mapping of the process landscape
  • Infrastructure – e.g. site and layout plans, etc.
  • Risk management – compliance – regulatory monitoring – audit and (internal) review
  • ICT infrastructure – end-to-end mapping of the ICT infrastructure • mapping of the I(C)T architecture along with management processes
  • BCPs (Business Continuity Plans)
  • WAPs/WHPs – ICT restart and recovery plans + WAPs – business-specific restart and recovery plans 
  • Emergency and Crisis Plans
  • Reconciliation of requirements: target-actual comparison, gap analysis, risks and potential, measures
  • Teams, personnel  – Emergency and Crisis Teams BCM – Emergency and Crisis Teams ITSCM / IRBC • Emergency and Crisis Management Teams – definition of rights, duties and responsibilities, e.g. through policy
  • Emergency and Crisis Organisation (special organisational structure, BAO)
    along with the staff organisation of the emergency and crisis management teams
  • Preparation of emergency and crisis communication
  • etc. etc.

and bring all this information together within an organisation or group of companies in such a way as to achieve a high level of risk minimisation and enable a defined capacity for operational and business continuity – design a group-specific management system (BCMS) with all its tools, necessary regulations, resources and preparatory measures both within and outside the organisation or group of companies.
Sounds (too) simple? – That’s right, it is! • Don’t believe it? – Let us surprise you! says SANDRA KLINKENBERG • Advisory Business Economist, self-employed independent economic, corporate, management advisor • www.Sandra-Klinkenberg.de

Business Continuity Management: The Advantages and Disadvantages of BCM

How can BCM benefit your business?
Put simply, business continuity is a form of in-house, self-generated insurance within a company; when done well, it acts as a ‘safety net’ within the organisation, enabling it to manage incidents or events – whether singular or plural – of the nature of an emergency or a crisis as effectively as possible, and to either maintain business operations or restore them to contingency mode as quickly as possible, and ultimately back to normal business operations.

To put it simply: without the human element, technology and technical components are superfluous; and without technology and technical components, the human element is only partially – if at all – capable of functioning and operating, particularly given the increasing pace of digitalisation, the use of robots and other technologies such as AI (artificial intelligence), quantum computers, etc., etc.  The good old piece of paper can ensure operational capability in exceptional situations, but only if a working pen is also available. Knowledge of so-called ‘on-the-spot’ activities is therefore an essential requirement for exceptional situations and should be taught to and practised with the relevant staff as part of training courses, workshops and drills held throughout the year.

Business Continuity Management (BCM) – including the emergency and crisis management provisions contained within the specialist management system (BCMS), as well as the specific organisational structure (BAO) incorporated therein – provides opportunities throughout the year to develop the organisation’s resilience through, for example, the identification of vulnerabilities, exploiting potential, the targeted development and implementation of appropriate measures to enhance organisational security, and the drafting of specific emergency and crisis plans, together with subject-specific workarounds, to ensure the rapid establishment of emergency operations whilst minimising damage as far as possible, and the subsequent return to normal operations of the company / organisation / group of companies / legal entity / institution.
A Business Continuity Management System (BCMS) does not prevent events or incidents – amongst other things, and alongside other management systems, it helps to
  • To identify risks at an early stage and develop appropriate measures to deal with events or incidents – known as failure scenarios, threat scenarios or potential hazards – in the best possible way, and to be as well prepared as possible, and in a cost-effective manner, for defined event or incident scenarios classified as emergencies and/or crises. Always bear in mind: no event or incident classified as an emergency and/or crisis is like any other – it always looks different and manifests itself differently – but one thing remains constant: being prepared is better than being caught off guard – Murphy’s Law is ever-present, meaning that an event or incident never occurs in isolation, even if it merely triggers further events or incidents. In short: a BCMS (Business Continuity Management System) also serves, amongst other things, to minimise risk and ensure organisational security, with the specialist unique selling point of a company-specific structure for emergency and crisis management, designed to prepare for the professional handling of an event or incident of the magnitude of an emergency and/or crisis.
  • Once such an event – an incident or occurrence constituting an emergency and/or crisis – has occurred, to manage this situation or event as effectively as possible, with the least possible damage and as quickly as possible, and to restore operational capability to as near to full capacity as possible.  To this end, a specific organisational structure (BAO) must be established and suitable measures and plans developed to transition the organisation / company / legal entity / group of companies / etc. to emergency operations and subsequently back to normal operations.
  • To enhance the resilience and robustness of a company / organisation / legal entity / group of companies / etc., whilst ensuring that the organisation itself does not commit any organisational breaches, and thereby to comply with regulatory requirements applicable to the organisation – including laws, regulations, directives, norms and standards – so as to avoid being guilty of any criminal offence.
Mastering crisis situations 
Within organisations, there are various levels of escalation for unforeseen events and exceptional situations;
these are:
  • Disruption – a short-term failure of processes or resources causing only minor damage. The response forms part of standard troubleshooting procedures.
  • Emergency – a prolonged failure of processes or resources causing significant or very significant damage. The response requires special emergency procedures
  • Crisis – a severe emergency essentially confined to the organisation, which threatens the organisation’s existence or jeopardises people’s health or lives. As crises do not have a widespread impact on the surrounding area or public life, they can, at least for the most part, be resolved within the organisation itself
By definition, a disaster is a major incident causing widespread damage that is not limited in terms of location or time; for example, in the context of natural disasters, it may result from floods or earthquakes, and is treated as an emergency and/or crisis within the organisation/group of companies/legal entity/institution.
Through an effective and functional business continuity management system (BCMS), together with its emergency and crisis management components, a company or organisation can be enabled, in the event of an incident constituting an emergency and/or a crisis, to manage the situation(s) as effectively and quickly as possible with the least possible damage, to identify and minimise risks throughout the year, and to develop appropriate measures to ensure operational capability and the continuity of business operations.

Securing competitive advantages

The ability to maintain business operations in exceptional circumstances is a significant competitive advantage – complemented by innovative strength and flexibility, even unexpected, previously unplanned developments and business areas can emerge within an organisation/group of companies/legal entity/institution, either temporarily or even permanently; as, for example, during the CORONA – the COVID-19 – pandemic; however, a large number of ‘mature’ organisations are required to enable a greater number of companies, organisations, corporate groups, legal entities and institutions to capitalise on such opportunities – a concrete example cited here is the inadequate preparation of most organisations/ groups, as well as the failure – even in day-to-day business operations – to make technical and technological use of existing systems and equipment, for example to carry out tasks sustainably both within and outside the organisation/group – specifically: thanks to COVID-19, the world has finally learnt to use video conferencing systems, for example, without the need for constant travel for so-called ‘coffee meetings’ criss-crossing the globe – or indeed, working from home, which became the NORM😊 as a result of the lockdown. Unfortunately, however, it took far too long to acquire this capability, and it brought with it many, many repercussions and consequences that made operations extremely challenging for most, and even impossible for some.

Disadvantages of a BCM system

What could possibly be wrong with a safety net – whether in the form of a tightrope walker or self-generated insurance within the organisation? Yes, it costs money and it takes work, determination, understanding and a little effort to set up, establish, maintain and continually expand and improve a Business Continuity Management System (BCMS). That is a decision – and no one else but the person in charge can make that decision; no one else, only the person in charge!

ISO/IEC 27031 – the Business Continuity Guide  
ISO/IEC 27031, Information technology – Security techniques – Guidelines for information and communication technology readiness for business continuity (IRBC, also known as ITSCM, IT Service Continuity Management), i.e. Information technology – Security techniques – Guidelines for information and communication technology readiness for business continuity (IRBC, also known as ITSCM, IT – or rather ICT – Service Continuity Management) is ONLY the technical/technological, systems- and components-based part of a company-wide business continuity management system – Business Continuity Management System (BCMS) based on the international standard ISO 22301.

Which organisations need a business continuity management system, and why?

Every organisation needs a business continuity management (BCM) system! Such a system always varies depending on the sector, the size of the organisation, the defined scope, the relevant products and services, the resources, materials and substances used – including hazardous substances – as well as markets and sales regions, etc., etc., and differs in terms of content, form and scope, etc., and is always specific to the organisation or corporate group in question.
Business Continuity – or, as it is known in German, Kontinuitätsmanagement, or more accurately Geschäftsfortführungsmanagement – is a comprehensive management system. It enables organisations to be prepared for events – whether they take the form of an emergency or a crisis – and to respond in as well-rehearsed and professional a manner as possible, with the aim of returning to normal business operations as quickly as possible with minimal damage; it also enables them to identify, minimise and capitalise on risks, opportunities and potential at an early stage throughout the year, even during ‘peacetime’.

Ensuring productivity through business continuity management and improved ICT and emergency management  

IRBC (Readiness for Business Continuity) – operational and business continuity capability – or also referred to as ITSCM (IT Service Continuity Management), based, for example, on ISO/IEC 27031, provides guidelines for maintaining a technical and technology-based capability for operational and business continuity; this is absolutely essential and indispensable for establishing and maintaining business continuity management, including the emergency and crisis management it encompasses.

Risk Management and Business Continuity Management

Within the Business Continuity Management System (BCMS), it is necessary to compare requirements with the feasibility and capabilities of internal operational capacity from a business continuity perspective, and to assess these annually by means of a BIA (Business Impact Analysis). The subsequent comparison of requirements and necessities against existing and available capabilities and possibilities highlights discrepancies; these, in turn, must be assessed individually and according to various categories, and the approach to addressing each discrepancy must be defined. Based on this analysis and the assessments, risks can and, as experience shows, will be identified; these are then fed as input into an existing risk management system – ideally one covering the entire organisation.

The benefits of a network – Stronger together 

As with other terms and concepts, the following questions should also be asked regarding the term ‘network’:

  • what exactly is meant by the term?
  • which network is being referred to?
  • does it refer to networks of people and/or organisations?
  • or does it refer, for example, to ICT infrastructure and the networks within it, including their hardware and software?
  • etc. etc.

In business continuity management, as well as the emergency and crisis management it encompasses, it is both necessary and absolutely essential to communicate, document and act in a manner that is clear, specific, precisely defined and verifiable – and, ideally, legally watertight throughout! Documentation and verifiability are crucial and are subject to all legal and compliance-related requirements.
As for personal and/or corporate networks, the answer is: to a certain extent, yes, but they can also be counterproductive and so the answer is rather no – it therefore always depends on what is at stake and when, how, to what extent and in what situation, etc., etc. a network is used, as well as for which topics and projects – but as a general rule, more can be achieved together, just as a problem shared is a problem halved, provided everything is above board. Unfortunately, in this day and age, there is a high degree of ideological infatuation as well as widespread herd ignorance – so a network can also be, and may become, counterproductive.

Current threat:
How the skills shortage is affecting business continuity management

A current threat? Unfortunately not! Due to the failure to make use of existing frameworks and regulations at national, European and international levels, the so-called skills shortage – as presented and portrayed on such a vast scale – is more than just a home-grown problem or a matter of fate!
“Skills shortage”? A well-maintained myth with a long beard – one so old that the long beard has long since fallen out! Sandra Klinkenberg, www.Sandra-Klinkenberg.de/COMPLIANCE
A call for integration, implementation and utilisation
EQF – European Qualifications Framework* and the consequences of the current disregard for and failure to utilise it
! Comparability does not mean standardisation or, indeed, exclusion; AND university degrees are not the same as occupations; here in the EU and in Germany, occupations have clearly defined qualifications and competences !
» A corrective update to the list of professions – at European level too – based on the EQF* alongside national qualifications frameworks is/would now finally be appropriate and is long overdue! ↯ European Union platform? ↯ ?? SKILLS SHORTAGE?? * 
EU – European Qualifications Framework (EQF)
Education, training and practice are essential in all disciplines and fields of operation – with a global population of 8 billion people, there is sufficient capital available on this planet, as well as ample AND the necessary SKILLS, and there are plenty of skilled individuals everywhere – all that is required is for the systems, and in particular the ICT systems, to be adapted to the existing and available framework conditions; then massive staff shortages – or even crises – will be resolved very quickly and in many places.

Conclusion: business continuity management 

Business continuity management supports the availability and operation of an organisation or group of organisations. It should be implemented in every company to ensure preparedness for emergency and crisis situations in practice; regular tests and drills help to practise disaster recovery (DR) and emergency and crisis management procedures, with a view to restoring business operations.
Definitions, guidelines, correct application and clear communication are crucial aspects of ISO BCM, BSI BCM and all other possible and available BCM standards. Each standard provides a basis for the relevant BCM certification, as well as ensuring high availability of the necessary data and information, etc., and knowledge regarding maximum downtime. It is particularly important to be aware of these factors in times of crisis, as the threat landscape is constantly intensifying – given, amongst other things, the need for comprehensive cybersecurity, the risk of armed conflict, volatile supply chains, and even the economy as a whole, etc.
BCM consultants are a dime a dozen – but there are very few who are truly good and knowledgeable. Among these ‘dime a dozen’ ‘consultants’, you’ll find every conceivable approach imaginable, yet little to no practical value; they talk of corporate disasters or merely ‘BCM crisis management’, and drive all sorts of nonsense into organisations and corporate bodies. The most amusing – and easiest for anyone to spot – are the ‘consultants’ who talk about a single-dimensional BCM risk management approach and introduce such piecemeal, patchwork solutions into companies and organisations. The BCM strategy then usually amounts to nothing more than a rudimentary mapping of downtime in the business continuity plan, etc. … and the topic of BLACKOUT fits right in with that!
– NOTE & REMEMBER – technically speaking: not every power cut or series of power cuts is automatically a BLACKOUT! For more on this topic, see, for example, https://www.Sandra-Klinkenberg.de/nice-to-know-BLACKOUT
Highly effective, tried-and-tested practices in the field are specifically designed and interlinked management systems; these serve as control tools, minimise risks and enhance operational and business resilience within and across companies, organisations, corporate bodies, legal entities, institutions, etc.

What does business continuity mean?

Business Continuity – or, as it is known in German, Kontinuitätsmanagement, or more accurately Geschäftsfortführungsmanagement – is a comprehensive management system. It enables organisations to be prepared for events – whether they take the form of an emergency or a crisis – and to respond in as well-rehearsed and professional a manner as possible, with the aim of returning to normal business operations as quickly as possible with minimal damage; it also enables them to identify, minimise and capitalise on risks, opportunities and potential at an early stage throughout the year, even during ‘peacetime’.

What criteria should a good BCM meet?

  • it is designed, structured and implemented to be specific to the organisation, corporate group or institution
  • it is seamlessly integrated with other control and management systems
  • it covers all potential and relative risks
  • it ensures operational and business continuity
  • it identifies vulnerabilities and gaps and minimises risks
  • it improves resilience and robustness, as well as, where applicable, the day-to-day operations and innovative capacity of the organisation, group, institution, company, etc.

What do organisations need to bear in mind when implementing BCM?

  • All the necessary foundations, such as basic information, data (and systems), should be in place – for example, an overview of the processes and process landscape, as well as the production and ICT landscape, including all their components, across a wide variety of locations as well as in the cloud, etc., etc.
  • This is not a ‘quick and dirty’ undertaking or a project carried out with a few rudimentary immediate measures jotted down on a scrap of paper. It involves the introduction of a management system and control mechanism to safeguard and minimise risks for the company, the organisation, group of companies or institutions.

Success – along with the functionality and effectiveness required to achieve it – can only be generated and achieved through an organisation-, corporate group- or institution-specific approach that utilises generally recognised standards, such as ISO, and allocates sufficient time and resources, as well as securing the support and leadership by example of senior management.

What are the benefits of business continuity?

  • To identify risks at an early stage and develop appropriate measures to deal with or manage the occurrence of an event or incident – i.e. failure and threat scenarios as well as potential hazards – in the best possible way, and to be as well prepared as possible, and in a cost-effective manner, for defined event or incident scenarios of the severity level of an emergency and/or a crisis.

In short: a BCMS (Business Continuity Management System) serves, amongst other things, to minimise risk and ensure organisational security, with the distinctive feature of establishing an organisation- or company-specific emergency and crisis management framework to prepare for the professional handling and management of an event or incident constituting an emergency and/or crisis.

  • to restore operational capability by establishing a special organisational structure (BAO) and developing appropriate measures and plans to return the organisation / company / legal entity / group of companies / institution / etc. to emergency operations and subsequently to normal operations
  • to increase the resilience and robustness of a company, organisation, legal entity, group of companies, etc., whilst ensuring that the organisation itself does not commit any organisational negligence – thereby also ensuring compliance with the regulatory framework applicable to the organisation, comprising laws, regulations, directives, norms and standards, and avoiding any criminal liability

What is ISO 27031? 

ISO 27031 is a tool for achieving business continuity readiness.

  • ISO/IEC 27031, Information technology – Security techniques – Guidelines for information and communication technology readiness for business continuity, IRBC or also referred to as ITSCM (IT Service Continuity Management), German: Informationstechnologie – Sicherheitstechniken – Leitlinien für die Bereitschaft der Informations- und Kommunikationstechnologie für die Geschäftskontinuität (IRBC or also referred to as ITSCM, IT – or rather ICT – Service Continuity Management).

The guideline, ISO/IEC 27031 IRBC, is closely and inextricably linked – alongside others – to the BCMS (Business Continuity Management System) and its international standard, ISO 22301 – societal security, requirements for a business continuity management system (BCMS) ... –.

Recommendation – Offer

  • BLACKOUT – Prevention, Pre-emptive Measures, Preparedness
    for governments, regions and local authorities, public bodies
    for businesses, organisations and institutions
  • EMERGENCY AND CRISIS MANAGEMENT 
    System design, system testing, system optimisation and development
    for governments, regional and local authorities, and public bodies
    for companies, organisations and institutions
  • MANAGEMENT SYSTEMS
    including Integrative©Management Systems

    Organisational analysis, systems analysis, planning and integration
    Implementation, optimisation and improvement, development
    for central government, regional and local authorities, public bodies
    for companies, organisations and institutions
  • see more under SYSTEM and/or SERVICE

Simply get in touch • Message • 

Mail
Call
About
Instagram
LinkedIn